Chapter 22

Addressing FISMA Findings


Understanding how to resolve the reported vulnerabilities is the final step in the FISMA compliance process. The weaknesses noted in the Security Assessment Report need to be identified and described in a document known as the Plan of Action & Milestones (POA&M). The POA&M represents the ISSO’s to-do list and typically needs to be approved by the team that evaluated the system before it sends in the recommendation for authorization. If the POA&M is well articulated, the system owner will likely obtain an Authority to Operate.


Findings; Plan of Action & Milestones; POAM; POA&M; Security weaknesses; Authority to Operate; Source of Discovery; Severity; ISSO; System owner

I don’t believe ...
